What you are suggesting will work fine. If you need to filter data by role, it is certainly better to do so on the server before sending the data back to Flex, and you can do this by making use of a session variable that is set upon an initial login.
Things to watch out for are making sure the session doesn't expire while the user clicks around in Flex. You do this by pinging the CF server using a timer. You should also have a check to make sure people are logged in before loading certain parts of the Flex apps. There are obviously security considerations when working with Web services, but that is a topic by itself. Happy coding, Mike Chabot On Jan 10, 2008 3:25 PM, Tom McNeer <[EMAIL PROTECTED]> wrote: > The User's data requests from Flex need to be filtered by the Company > relationship, but there's no need for Flex to know that (necessarily). Flex > makes a request for certain data through Flash Remoting, we use the CF > session identifier to retrieve the User's Company relationship, then use > that to filter the data before returning it to Flex -- after we check on the > Role permissions, of course. > > So after all that -- does this seem like the "right" way to handle such > things? And aside from architectural/philosophical considerations, is there > any technical reason why this won't work? > > I'm obviously new to Flex, and I'm just trying to generate a little > validation/repudiation/advice/discussion. Thanks for any of the above. > > -- > Thanks, > > Tom ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:296388 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
